Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #23468: Clean-up HTML strings before adding them to the generated documents

Download Browse

To avoid issues with hand crafted/generated by third party HTML content in the artifacts the strings are now sanitized with DOMPurify. This should be close to what is done in the different views where HTML content is displayed. The one way we know to reproduce this issue is shown as a test case. Change-Id: I7dc9ba308662a1ef7cafb7157758c9bde8205385

+31 −2
Thomas Gerbet (tgerbet) 2021-10-26 14:53
Thomas Gerbet (tgerbet) 2021-10-26 15:12
086f59478b97ea6b08f6809523c47f21412bb090
33bbdbcc6afbbff509cb340ca0afd1a8de70cc09
git #tuleap/stable/086f59478b97ea6b08f6809523c47f21412bb090

Modified Files

Side by side diff
Inline diff
Name
M plugins/document_generation/package.json +2 −0 Go to diff View file
M plugins/document_generation/pnpm-lock.yaml +18 −0 Go to diff View file
M plugins/document_generation/scripts/tracker-report-action/src/Exporter/DOCX/TextContent/transform-html-into-paragraphs.test.ts +8 −0 Go to diff View file
M plugins/document_generation/scripts/tracker-report-action/src/Exporter/DOCX/TextContent/transform-html-into-paragraphs.ts +3 −2 Go to diff View file